[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA-134-1

James Nord <teilo@teilo.net> writes:

>> Theo de Raadt said in a post to Bugtraq the exploit won't work on
>> sshd with privilege seperation enabled, however even if it did work
>> it'd be better to have an attacker get a chrooted shell with no
>> privs instead of root access to the entire system.

> In which case you just need a local exploit to go with your remote exploit.

Or you don't care about the local system ressources at all and just
abuse the network (like some Code Red variant did).

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: